Preventing local administrators from renaming computers in AD

21 בפברואר 2007

Imagine that you are an administrator in a large distributed AD based environment. You have invested a lot of thought and time in the design, written policies, created procedures and among other things you rely on some sort of naming convention for your servers for the purpose of provisioning and tracking. You rigorously follow the guidelines in order to keep your environment as stable and controlled as possible, but...  But the problem is that in a large environment you do not control everything. It only makes sense that there are user accounts in your AD that are local administrators on a bunch of production servers...
2 תגובות